fix #204: factor makeCred into reg & authn priv considerations #777
Conversation
equalsJeffH
added
type:editorial
privacy-tracker
index.bs
Outdated
| {{PublicKeyCredential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}} methods need to take care to | ||
| not leak information that could enable a malicious [=[RP]=] to distinguish between these cases, where "named" means that the | ||
| [=public key credential|credential=] is listed by the [=[RP]=] in either {{MakePublicKeyCredentialOptions/excludeCredentials}} | ||
| or {{PublicKeyCredentialRequestOptions/allowCredentials}}, as applicable: | ||
|
|
||
| - A named [=public key credential|credential=] is not available. | ||
| - A named [=public key credential|credential=] is available, but the user does not [=user consent|consent=] to use it. | ||
|
|
||
| If the above cases are distinguishable, information is leaked by which a malicious [=[RP]=] could identify the user by probing for | ||
| which [=public key credential|credentials=] are available. For example, one such information leak is if the client returns a | ||
| failure response as soon as the user denies [=user consent|consent=] to proceed with the operation. In this case the [=[RP]=] |
There was a problem hiding this comment.
Perhaps change
as soon as the user denies [=user consent|consent=] to proceed with the operation
to something like this?
as soon as the user denies [=user consent|consent=] to proceed with an [=authentication=] [=ceremony=]
Seeing as the following sentence refers specifically to allowCredentials, I mean.
There was a problem hiding this comment.
incorp'd a build on this suggestion, pls review
There was a problem hiding this comment.
What I was trying to say is that the conclusion "at least one of the credentials listed in the allowCredentials parameter is available" is applicable only to the case of authentication ceremonies, not registration ceremonies. For registration ceremonies the conclusion is instead that the user has an authenticator that is not registered, which probably isn't as big a privacy concern.
|
@equalsJeffH can you finish the merge here ? |
|
incorp'd a build on suggestion #777 (comment), pls review |
fixes #204
see #204 (comment)
and #687 (comment)
and #687 (comment)
Preview | Diff